diff --git a/.github/actions/action-build-image/action.yml b/.github/actions/action-build-image/action.yml index 3338225..90df703 100644 --- a/.github/actions/action-build-image/action.yml +++ b/.github/actions/action-build-image/action.yml @@ -36,13 +36,13 @@ runs: using: "composite" steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Download a single artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: ${{ inputs.artifact-name }} - name: Login to Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 with: registry: ${{ inputs.registry }} username: ${{ inputs.registry-username }} @@ -50,13 +50,13 @@ runs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5 with: images: "${{ inputs.registry }}/${{ github.repository }}/${{ inputs.image-name }}" tags: ${{inputs.image-tags}} labels: ${{inputs.image-labels}} - name: Build and push image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 with: context: ./${{ inputs.path }} push: true diff --git a/.github/actions/action-codeql/action.yml b/.github/actions/action-codeql/action.yml index 6f454b8..b26e8bc 100644 --- a/.github/actions/action-codeql/action.yml +++ b/.github/actions/action-codeql/action.yml @@ -31,7 +31,7 @@ runs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up JDK if: inputs.codeql-language == 'java-kotlin' && inputs.codeql-buildmode == 'autobuild' - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: java-version: ${{ inputs.java-version }} distribution: "temurin" diff --git a/.github/actions/action-maven-build/action.yml b/.github/actions/action-maven-build/action.yml index 3202d10..8e387a7 100644 --- a/.github/actions/action-maven-build/action.yml +++ b/.github/actions/action-maven-build/action.yml @@ -16,9 +16,9 @@ runs: using: "composite" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: java-version: ${{ inputs.java-version }} distribution: "temurin" @@ -32,7 +32,7 @@ runs: shell: bash - id: upload-artifact name: "Upload Artifact" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: ${{steps.artifact-name.outputs.artifact-name}} path: "**/target" diff --git a/.github/actions/action-maven-release/action.yml b/.github/actions/action-maven-release/action.yml index 5eef728..3071eb9 100644 --- a/.github/actions/action-maven-release/action.yml +++ b/.github/actions/action-maven-release/action.yml @@ -42,9 +42,9 @@ runs: steps: # Checkout source code, set up Java, etc. Then... - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: java-version: ${{ inputs.java-version }} distribution: "temurin" @@ -74,7 +74,7 @@ runs: run: echo "artifact-name=${{hashFiles(format('./{0}/pom.xml', inputs.app-path))}}" >> "$GITHUB_OUTPUT" shell: bash - name: "Upload Artifact" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: ${{steps.artifact-name.outputs.artifact-name}} path: "**/target" diff --git a/.github/actions/action-npm-build/action.yml b/.github/actions/action-npm-build/action.yml index 709f41f..0e070e7 100644 --- a/.github/actions/action-npm-build/action.yml +++ b/.github/actions/action-npm-build/action.yml @@ -15,9 +15,9 @@ outputs: runs: using: "composite" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version: ${{ inputs.node-version }} cache: "npm" @@ -38,7 +38,7 @@ runs: run: echo "artifact-name=${{hashFiles(format('./{0}/package.json', inputs.app-path))}}" >> "$GITHUB_OUTPUT" shell: bash - name: "Upload Artifact" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: ${{steps.artifact-name.outputs.artifact-name}} path: "**/dist" diff --git a/.github/workflows/deploy-pages.yml b/.github/workflows/deploy-pages.yml index 493438d..6fe0962 100644 --- a/.github/workflows/deploy-pages.yml +++ b/.github/workflows/deploy-pages.yml @@ -41,23 +41,23 @@ jobs: working-directory: ${{ inputs.sub-path }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 # Required for vitepress lastUpdated - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version: ${{ inputs.node-version }} cache: npm cache-dependency-path: "${{ inputs.sub-path }}/package-lock.json" - name: Setup Pages - uses: actions/configure-pages@v5 + uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5 - name: Install dependencies run: npm ci - name: Build with VitePress run: npm run ${{ inputs.build-cmd }} - name: Upload artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3 with: path: ${{ inputs.sub-path }}/${{ inputs.dist-path }} @@ -72,4 +72,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 diff --git a/workflow-templates/ release-maven-image.yaml b/workflow-templates/ release-maven-image.yaml index bafe5ff..97346b8 100644 --- a/workflow-templates/ release-maven-image.yaml +++ b/workflow-templates/ release-maven-image.yaml @@ -57,7 +57,7 @@ jobs: steps: - name: Create GitHub Release id: create_release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2 with: tag_name: ${{needs.release-maven.outputs.MVN_ARTIFACT_ID}}-${{ github.event.inputs.releaseVersion }} draft: false diff --git a/workflow-templates/dependency-review.yaml b/workflow-templates/dependency-review.yaml index 273bef7..79bcb5d 100644 --- a/workflow-templates/dependency-review.yaml +++ b/workflow-templates/dependency-review.yaml @@ -8,8 +8,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Dependency Review - uses: actions/dependency-review-action@v4 + uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4 with: config-file: it-at-m/.github/workflow-configs/dependency_review.yaml@main diff --git a/workflow-templates/maven-node-build.yaml b/workflow-templates/maven-node-build.yaml index 8290d51..2eafee9 100644 --- a/workflow-templates/maven-node-build.yaml +++ b/workflow-templates/maven-node-build.yaml @@ -13,7 +13,7 @@ jobs: - app-path: # z. B. refarch-eai - app-path: # z. B. refarch-webcomponent steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - if: ${{hashFiles(format('./{0}/package.json', matrix.app-path))!=null}} id: node uses: it-at-m/.github/.github/actions/action-npm-build@main